"People do not want to learn a new language but a new library"
-
Language vs Library
- the era of libraries: people tweak libraries instead of making or modifying languages
- "any sufficiently advanced library is indistinguishable from a language"
-
transition of what a "library" is:
-
collection (library) of functions
-
"framework" = incomplete application program (of skeletons where users fill out core functionality)
-
EDSL:
- hides internal state
- typically looks declarative (as much as possible)
- rejects illegal instantiations (by way of advanced type checkers)
- Example: Ruby on Rails (often considered a DSL but is a framework)
- flexible syntax (-> scala, Ruby) allows for "declarative look"
- macros, operators with infix or postfix notation (+ free arities)
- language extensions for custom constructs (HS rebindable syntax)
- different techniques to address problems with parsing and scoping
-
-
Looking at Python DSLs: PyTorch vs TensorFlow
-
Talking about errors (!)
-
Questions:
- Libraries vs. languages: languages can restrict usage, while users can always break out of a library
- What should the host language have to accommodate DSLs well?
- extensible syntax
- comment/warning about pitfalls (like parsing ambiguity) to achieve
user-friendly syntax
- "pluralism of languages" preferred (+ fashions are good to shake out bad ones)
-
Background: 1) Parametric Timed automata 2) Maude and Rewriting
-
This paper: Proposes systematic translation from PTA to rewrite system
-
(Sandia Labs work, for "high-consequence embedded control systems")
-
large concerted and controlled effort to create a consistent framework for development,
-
Treatment of C code
- Clang-based annotation of C with its ACSL spec,
- translation to CLight and back, to ensure constrained style and guarantees) (-> CompCert, -> FramaC)
-
Tool to connect all spec (just doc.s) with state model and code
-
..
- interested in how proofs in proof-assistants can be made into
schemas
-
lang-n-prove expresses "language proofs" (for classes of languages)
-
target languages:
- requires clear identification of introduction and elimination forms
- current evaluation: "variety of functional languages"
-
slides contain language syntax and various examples illustrating how the proof gets applied to different cases in a prototypical language
-
-
idea/message: combine Cogent and property-based testing towards verification
- Cogent: specialised language amenable to system verification
- strongly typed functional
- proofs in Isabelle (embedding), compiled to C + refinement
- proving stepwise data refinement (over relations, allowing for non-determinism via existentials)
- to add PBT, replace the Isabelle embedding by a HS embedding
- and add tests rather than a proof of the refinement
- Cogent: specialised language amenable to system verification
-
Benefit: low-effort -> reasonable assurance without a full proof
-
Questions:
- The PBT approach breaks down for things that are not executable
- (concretely, the refinement of relations requires relations to be
executable)
- Answer: this is for the input relation but the output relation does not need to.
- based on the Certik work
- deepSEA approach and pipeline: see screenshot
- goal of this work:
-
provide a blockchain model (cohesive as a whole), as opposed to proving refinement of individual contracts
-
main contribution: "Successful-calls approach", focusing on the happy path(s) of contracts.
- In the model, each call needs to be accompanied by a proof that the call will succeed. (- Compilation chain: deepSea -> Coq -> Solidity)
-
- individual Coq models generated from a graph of possible actions
(assumed to succeed)
- actions type, requires prior blockchain state to formulate success lemmas for the possible actions
- step function..
- example (crowd-funding): see screenshot
- successful-calls approach removes clutter from the proof, by introducing required conditions automatically.
- limitations:
- dependent pair (state, actions) required for successful-calls
- handling the case for revert (by making it its own action)
- Questions:
-
successful-calls approach ignores cases where the contract is unable to make any state change action (think DoS attacks)
- such a DoS state would have to be reached through a successful action, the method would have means to reason about this case.
-
Encoding of actions specific to contract. how about interaction between two contracts?
- currently actions hand-written but goal is to gemerate. This generator should consider contract interactions.
-
-
work in progress
-
setting: issuing commands to pilots to avoid mid-air collision
- previously proven by a geometric argument, now using a more
symbolic approach
- trade-offs in either direction
- goal here: bridge the gap and automate part of the work upfront
- previously proven by a geometric argument, now using a more
symbolic approach
-
method: "follow the corners" to define a safe/unsafe polygon
-
highly problem specific results, proposing a methodology to compute regions from a moving convex polygon in 2D.
-
ideas (this is WIP) for generating/including proof certificates, since the implementation is python